[Emerging-updates] Daily Ruleset Update Summary 08/21/2014

Francis Trudeau ftrudeau at emergingthreats.net
Thu Aug 21 18:25:27 EDT 2014


 [***] Summary: [***]

 9 Open signatures, 21 Pro (9+13).  OneLouder, Machete, Various
Android, SillyFDC.

 Thanks:  @jaimeblascob, @EKWatcher and Nathan Fowler.

 [+++]          Added rules:          [+++]

  Open:

  2018976 - ET MALWARE Hoic.zip retrieval (malware.rules)
  2018977 - ET MALWARE HOIC with booster outbound (malware.rules)
  2018978 - ET WEB_SERVER HOIC with booster inbound (web_server.rules)
  2018979 - ET TROJAN Miras C2 Activity (trojan.rules)
  2018980 - ET TROJAN Machete FTP activity (trojan.rules)
  2018981 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
  2018982 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) exe download (current_events.rules)
  2018983 - ET CURRENT_EVENTS Probable OneLouder downloader (Zeus P2P) (current_events.rules)
  2018984 - ET TROJAN PlugX variant (trojan.rules)

  Pro:

  2808599 - ETPRO TROJAN Win32/Bancos.DI HTTP callback (trojan.rules)
  2808600 - ETPRO TROJAN Backdoor.Perl.Shellbot.B IRC Checkin (trojan.rules)
  2808601 - ETPRO TROJAN Win32/Qhost.PGZ Checkin (trojan.rules)
  2808602 - ETPRO MOBILE_MALWARE Android/Crosate.N Checkin (mobile_malware.rules)
  2808603 - ETPRO TROJAN Worm.Win32.SillyFDC Checkin (trojan.rules)
  2808604 - ETPRO TROJAN W32.Virut IRC checkin (trojan.rules)
  2808605 - ETPRO TROJAN Rogue.Win32/Defru Checkin (trojan.rules)
  2808606 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wirec.a Checkin (mobile_malware.rules)
  2808607 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Wirec.a Checkin 2 (mobile_malware.rules)
  2808608 - ETPRO MOBILE_MALWARE Android.Riskware.SMSPay.AO Checkin 3 (mobile_malware.rules)
  2808609 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Iconosys.a Checkin 4 (mobile_malware.rules)
  2808610 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.Iconosys.a Checkin 5 (mobile_malware.rules)
  2808611 - ETPRO TROJAN Win32/Spy.Usteal.C Checkin (trojan.rules)


 [///]     Modified active rules:     [///]

  2006445 - ET WEB_SERVER Possible SQL Injection Attempt SELECT FROM (web_server.rules)
  2008411 - ET TROJAN LDPinch SMTP Password Report with mail client The Bat! (trojan.rules)
  2009521 - ET TROJAN Win32/Nubjub.A HTTP Check-in (trojan.rules)
  2009833 - ET SCAN WITOOL SQL Injection Scan (scan.rules)
  2010953 - ET SCAN Skipfish Web Application Scan Detected (scan.rules)
  2011894 - ET TROJAN TDSS/TDL/Alureon MBR rootkit Checkin (trojan.rules)
  2016913 - ET TROJAN Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info) (trojan.rules)
  2802121 - ETPRO WORM Worm.Win32.Cospet.A Checkin (worm.rules)
  2802830 - ETPRO TROJAN Win32.Banksun.A Checkin (trojan.rules)
  2803129 - ETPRO TROJAN Palevo CnC Response (trojan.rules)
  2803669 - ETPRO SCADA Progea Movicon PowerHMI Memory Corruption Negative Content Length (scada.rules)
  2805870 - ETPRO MOBILE_MALWARE Android/TrojanSMS.Placms.F Checkin (mobile_malware.rules)
  2807674 - ETPRO POLICY Primecoin (policy.rules)


 [///]    Modified inactive rules:    [///]

  2018537 - ET WEB_CLIENT Possible GnuTLS Client ServerHello SessionID Overflow CVE-2014-3466 (web_client.rules)


 [---]  Disabled and modified rules:  [---]

  2016763 - ET SCAN Non-Malicious SSH/SSL Scanner on the run (scan.rules)
  2802971 - ETPRO TROJAN Killproc.5707/Generic Checkin Request 1 (trojan.rules)
  2803088 - ETPRO DNS Bracket in DNS Query - Possible Covert Channel (dns.rules)


 [---]         Disabled rules:        [---]

  2014893 - ET SCAN critical.io Scan (scan.rules)
